<div dir="ltr"><div><br></div><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 22, 2016 at 1:03 PM, Dan Sneddon <span dir="ltr"><<a href="mailto:dsneddon@redhat.com" target="_blank">dsneddon@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 03/20/2016 12:11 PM, John Alway wrote:<br>
> Dan,<br>
><br>
> I set everything up the way you mentioned. The network I have labeled<br>
> "external network" is marked as an "extnet". By which I mean, in the<br>
> Dashboard, under "Network Details" for my external network... It has<br>
> an entry "Provider Network-> Physical Network: extnet".<br>
><br>
> I allocated a pool in the range 192.168.1.13 to 192.168.1.99 (I did<br>
> this because two of the computers on my physical network are<br>
> 192.168.1.11 and 192.168.1.12).<br>
><br>
> The virtual router has an IP address of 192.168.1.13 on the external<br>
> network, and the public_subnet on the external network has a gateway of<br>
> 192.168.1.2.<br>
><br>
> You're right about my physical router. Its address is 192.168.1.1<br>
><br>
> I tried pinging from a VM to the Internet, and it still fails.<br>
><br>
> I then tried allocating floating IPs to a VM, and it still failed to<br>
> ping the Internet.<br>
><br>
> So, I'm still not solved<br>
><br>
> Thanks for your feedback!<br>
><br>
> Regards,<br>
> ...John<br>
><br>
><br>
><br>
> On Sat, Mar 19, 2016 at 9:58 PM, Dan Sneddon <<a href="mailto:dsneddon@redhat.com">dsneddon@redhat.com</a><br>
</span><span class="">> <mailto:<a href="mailto:dsneddon@redhat.com">dsneddon@redhat.com</a>>> wrote:<br>
><br>
> I don't think the range you are using is the problem, although you<br>
</span>> should be using <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a> <<a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">http://192.168.1.0/24</a>> as your<br>
<span class="">> subnet and 192.168.1.1 as the router gateway (assuming that the WRT<br>
> is .1). You can set the allocation pool to a range like<br>
> 192.168.1.10-192.168.1.99. Also, assuming your WRT router is .1,<br>
> you will have to manually assign the virtual router IP (since the<br>
> default is .1 when you create a router on a /24 network).<br>
><br>
> You say that your VMs are connected through a virtual router. Are<br>
> you using floating IPs? You can't just route the VM traffic to the<br>
> WRT router without SNAT on the virtual router, so make sure you set<br>
> that network to external.<br>
><br>
> I suspect that the problem here might be that the virtual router<br>
> was using the same IP as the WRT router, or that you were doing<br>
> routing without SNAT because the network wasn't marked as external.<br>
><br>
>> Dan Sneddon | Principal OpenStack Engineer |<br>
</span>>> <a href="mailto:dsneddon@redhat.com">dsneddon@redhat.com</a> <mailto:<a href="mailto:dsneddon@redhat.com">dsneddon@redhat.com</a>><br>
<span class="">><br>
> On Mar 19, 2016, at 4:39 PM, John Alway <<a href="mailto:jalway@gmail.com">jalway@gmail.com</a><br>
</span><span class="">> <mailto:<a href="mailto:jalway@gmail.com">jalway@gmail.com</a>>> wrote:<br>
><br>
>> Hello,<br>
>><br>
>> I'm still not able to get snat to work (connecting to the<br>
>> Internet) with my RDO all-in-one installation, and I'm wondering<br>
>> if my router is the issue.<br>
>><br>
>> My router is a Linksys WRT54G, which does not support a "DHCP<br>
>> reservation" feature. I was able to set a fixed ip on it,<br>
>> because there is a range available from 192.168.1.2 through to<br>
>> 192.168.1.99, also 192.168.1.150 through 192.168.1.254.<br>
>><br>
>> This is according to "toomanydonuts" posting here:<br>
>> <a href="http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Question/td-p/152001" rel="noreferrer" target="_blank">http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Question/td-p/152001</a><br>
>><br>
>> I've been using the lower address range. Could this be the<br>
>> problem, or should I look elsewhere?<br>
>><br>
>> In my setup I have two private subnets, and three VMs. I can<br>
>> ping between the VMs, but can't ping the Internet. A virtual<br>
>> router connects the subnets and external network.<br>
>><br>
>> I set up my external subnet as <a href="http://192.168.1.0/28" rel="noreferrer" target="_blank">192.168.1.0/28</a><br>
</span>>> <<a href="http://192.168.1.0/28" rel="noreferrer" target="_blank">http://192.168.1.0/28</a>>. I use the 28 to limit the range for my<br>
<span class="">>> router. The external range is the same as my actual physical<br>
>> addresses on my LAN.<br>
>><br>
>> I should add, I'm not a network guy. I'm learning a lot of<br>
>> networking on the fly here.<br>
>><br>
>> Thanks for any feedback!!<br>
>> ...John<br>
>> _______________________________________________<br>
>> Rdo-list mailing list<br>
</span>>> <a href="mailto:Rdo-list@redhat.com">Rdo-list@redhat.com</a> <mailto:<a href="mailto:Rdo-list@redhat.com">Rdo-list@redhat.com</a>><br>
<span class="">>> <a href="https://www.redhat.com/mailman/listinfo/rdo-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/rdo-list</a><br>
>><br>
>> To unsubscribe: <a href="mailto:rdo-list-unsubscribe@redhat.com">rdo-list-unsubscribe@redhat.com</a><br>
</span>>> <mailto:<a href="mailto:rdo-list-unsubscribe@redhat.com">rdo-list-unsubscribe@redhat.com</a>><br>
><br>
><br>
<br>
The entry you are seeing for "Provider Network->Physical Network:<br>
extnet" just references which physical network you are using. The<br>
physical network name is related to the bridge mappings. The default<br>
bridge mapping is "datacentre:br-ex", so when I create a Public network<br>
with the default settings, the physical network is "datacentre". If you<br>
have different bridge mappings, then you might have a different<br>
physical network name.<br>
<br>
The property I am referring to is "router:external=True", which I'm not<br>
sure you can see in the Horizon dashboard. If you source "overcloudrc"<br>
on the Undercloud and run "neutron net-list" and then "neutron net-show<br>
&lt;network&gt;" on the external network, you will see this property, like this:<br>
<br>
[stack@instack ~]$ neutron net-show public<br>
+---------------------------+--------------------------------------+<br>
| Field | Value |<br>
+---------------------------+--------------------------------------+<br>
| admin_state_up | True |<br>
| id | 9959fc21-eaea-4cc8-bd72-0e711ca36cbe |<br>
| mtu | 0 |<br>
| name | public |<br>
| provider:network_type | vlan |<br>
| provider:physical_network | datacentre |<br>
| provider:segmentation_id | 10 |<br>
| router:external | True |<br>
| shared | False |<br>
| status | ACTIVE |<br>
| subnets | e4948277-faa0-42c8-97f7-0095d1c20bfa |<br>
| tenant_id | 497f8c12b2534fb08273f59c6c8ac2c6 |<br>
+---------------------------+--------------------------------------+<br></blockquote><div><br></div><div><br></div><div>I have an rdo all-in-one set up right now, and don't have an "Overcloudrc". I source "keystonerc_admin".</div><div><br></div><div>I sourced it and checked the "neutron net-show external_network" and the "router:external" network entry does show "True".</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
The fact that you are trying to attach to "extnet" might be the<br>
problem. Did you include a physical network to bridge mapping such as<br>
"extnet:br-ex" when you deployed using the<br>
--neutron-network-bridge-mappings CLI parameter?<br>
<br>
You can check the settings in<br>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini on the<br>
controller(s) to see what your bridge mappings are. This is the default:<br>
<br>
bridge_mappings =datacentre:br-ex<br></blockquote><div><br></div><div><br></div><div> I can't find that file. I have an "/etc/neutron/plugins/ml2" directory, and inside of that there is the file "openvswitch_agent.ini". I checked "openvswitch_agent.ini" and it has the following entry:</div><div><br></div><div> bridge_mappings = extnet:br-ex</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
When I create an external network, I use a command line such as this<br>
(if the external net is on the native VLAN):<br>
<br>
$ neutron net-create ext-net --router:external \<br>
--provider:physical_network datacentre \<br>
--provider:network_type flat<br>
<br>
If the external net is on a VLAN, then I use a command like this:<br>
<br>
$ neutron net-create ext-net --router:external \<br>
--provider:physical_network datacentre \<br>
--provider:network_type vlan \<br>
--provider:segmentation_id 104<br></blockquote><div><br></div><div><br></div><div> Mine is set up with a "provider:network_type: flat"</div><div><br></div><div> I assume that's right. I'm not 100% sure. According to my research, "VLAN" is distinguished from "native VLAN" by "tagging" or "trunking". I assume mine is native. </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
So double check to make sure that you have created the network with<br>
--router:external, and that the physical network matches the bridge<br>
mappings. If these things are out of sync, you will need to correct<br>
that, and delete and recreate the network(s).<br>
<br>
Once you have worked all that out, and you are sure that you have the<br>
bridge mappings such that br-ex is hosting the external network, then<br>
you can move on to some simple troubleshooting:<br>
<br>
* Can you ping 192.168.1.1 from the namespace of the virtual router?<br>
(use "ip netns list" and "ip netns exec &lt;namespace&gt; ping 192.168.1.1")<br></blockquote><div><br></div><div> This fails!</div><div> I get a "Destination Host Unreachable" result.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
* Can you ping the virtual router on the external network from the WRT<br>
router?<br></blockquote><div><br></div><div> I pinged 192.168.1.13, which is the virtual router's gateway to the external network, and it pings fine. </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
* Can you see the outbound packets on br-ex using "sudo tcpdump -i br-ex"?<br></blockquote><div><br></div><div> Btw, I'm on CentOS. I believe so. Just learning how to do this. For example, I see 192.168.1.12.5280 > 173.194.204.106.80, which I believe is outbound.</div><div><br></div><div><br></div><div> I also have settings for security as follows: "All" for TCP, UDP and ICMP, egress and ingress.</div><div><br></div><div> So, somehow pinging from virtual router to the physical gateway fails.</div><div><br></div><div> regards,</div><div> ...John</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
--<br>
<span class="">Dan Sneddon | Principal OpenStack Engineer<br>
</span><a href="mailto:dsneddon@redhat.com">dsneddon@redhat.com</a> | <a href="http://redhat.com/openstack" rel="noreferrer" target="_blank">redhat.com/openstack</a><br>
<a href="tel:650.254.4025" value="+16502544025">650.254.4025</a> | dsneddon:irc @dxs:twitter<br>
</blockquote></div><br></div></div>
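<div>Added example (not part of the original thread, and not RDO or Neutron code): a shell check for the two conditions Dan asks to be double-checked above, that the network has router:external set to True and that its provider:physical_network has an entry in the agent's bridge_mappings. The function names are hypothetical and the sample inputs are constructed from the values quoted in the thread.</div>

```shell
#!/usr/bin/env bash
# Constructed samples modelled on the values quoted in the thread.
NET_SHOW_SAMPLE='+---------------------------+------------------+
| Field                     | Value            |
+---------------------------+------------------+
| name                      | external_network |
| provider:network_type     | flat             |
| provider:physical_network | extnet           |
| router:external           | True             |
+---------------------------+------------------+'
AGENT_INI_SAMPLE='[ovs]
bridge_mappings = extnet:br-ex'

# net_field FIELD: read a "neutron net-show" table on stdin, print FIELD's value.
net_field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# mapped_bridge PHYSNET: read the agent ini on stdin, print the bridge that
# bridge_mappings assigns to PHYSNET (prints nothing when there is no entry).
mapped_bridge() {
    awk -v physnet="$1" '
        /^[ \t]*bridge_mappings[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
            n = split($0, maps, ",")
            for (i = 1; i <= n; i++) {
                split(maps[i], kv, ":")
                if (kv[1] == physnet) { print kv[2]; exit }
            }
        }'
}

# check_external NET_SHOW_TEXT INI_TEXT: returns 0 when both conditions hold.
# Live use: check_external "$(neutron net-show external_network)" \
#               "$(cat /etc/neutron/plugins/ml2/openvswitch_agent.ini)"
check_external() {
    ce_ext=$(printf '%s\n' "$1" | net_field 'router:external')
    ce_phys=$(printf '%s\n' "$1" | net_field 'provider:physical_network')
    ce_bridge=$(printf '%s\n' "$2" | mapped_bridge "$ce_phys")
    [ "$ce_ext" = "True" ] || { echo "router:external is '$ce_ext', not True"; return 1; }
    [ -n "$ce_bridge" ] || { echo "physical network '$ce_phys' has no bridge mapping"; return 2; }
    echo "ok: $ce_phys -> $ce_bridge"
}

check_external "$NET_SHOW_SAMPLE" "$AGENT_INI_SAMPLE"
```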